<?php
/**
* Author: Porlock
* Link: www.porlockz.com
* Date: 2018-04-22 22:35:18
* Last Modified time: 2018-04-22 22:35:22
*/
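require_once ('../init.php');

/**
 * Admin login controller, dispatched on ?action=
 *
 *  login : render the admin login form (redirects if an admin session already exists)
 *  deal  : consume the POSTed form — captcha check, empty-field check,
 *          credential lookup in `admin`, then store aid/level in the session
 *
 * Relies on names provided by the required files, none of which are visible here:
 * $dbh (presumably a PDO handle from ../init.php), msg_display(), filled_out()
 * and check_pw() from includes/lib/func_login.php.
 */

// Only a plain string is a usable action; a missing key is no longer hidden by `@`.
$action = isset($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : '';

if ($action === 'login') {
    require_once ('includes/views/admin_header.php');
    require_once ('includes/lib/func_login.php');
    $homePage = "/afctf/admin/index.php";
    // An admin who already holds a session is sent back to the index page.
    if (isset($_SESSION['aid'])) {
        msg_display('请勿重复登录', 'error', $homePage);
    }
    echo <<<EOT
<!--登录-->
<link href="/afctf/css/login.css" rel="stylesheet" type="text/css" media="all"/>
<div class="register-form" >
    <div class="first-login">
        <div class="title">
            <h2>管理员登录</h2>
        </div>
        <div class="content-body">
            <form action="/afctf/admin/login.php?action=deal" method="post">
                <div class="input-wrapper">
                    <input type="text" name="ad_username" autofocus="autofocus" required="required" placeholder="请输入你的管理员用户名">
                </div>
                <div class="input-wrapper">
                    <input type="password" name="ad_passwd" required="required" placeholder="请输入你的管理员密码">
                </div>
                <div class="checkcode-wrapper input-wrapper">
                    <input type="text" id="checkcode-input" name="ad_verify" required="required" placeholder="请输入验证码">
                    <img id="checkcode-img" src="/afctf/includes/lib/checkcode.php" onclick="this.src='/afctf/includes/lib/checkcode.php?action=refresh'"/>
                </div>
                <div>
                    <input class="submit" type="submit"  value="登录">
                </div>
            </form>
        </div>
    </div>
</div>
EOT;
    require_once ('includes/views/footer.php');
}
/**
 *  1. start the session
 *  2. read the form data and reject empty fields
 *  3. verify the captcha and the username/password
 *  4. store aid/level in the session
 */
elseif ($action === 'deal') {
    require_once ('includes/lib/func_login.php');

    // Start the session only if no earlier include already did; a second
    // session_start() would raise a notice.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // A POST field that is absent or not a string (e.g. ad_verify[]=x) is treated as empty.
    $postString = function ($key) {
        return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
    };
    $admin_username = $postString('ad_username');
    $admin_password = $postString('ad_passwd');
    $verify         = $postString('ad_verify');

    // Take the captcha value out of the session and discard it so it cannot be reused.
    $code = isset($_SESSION['code']) ? $_SESSION['code'] : null;
    unset($_SESSION['code']);

    $login_url = '/afctf/admin/login.php?action=login';
    $homePage  = "/afctf/admin/index.php";

    // Case-insensitive exact match, as before, but a request without a captcha in
    // the session now fails instead of comparing against null.
    // NOTE(review): msg_display() is not visible here; the exit after each error is a
    // no-op if it already terminates, and otherwise stops the fall-through into the
    // credential check and session write.
    if ($code === null || !hash_equals(strtolower((string) $code), strtolower($verify))) {
        msg_display('验证码错误', 'error', $login_url);
        exit;
    }

    if (!filled_out($_POST)) {
        msg_display('表单不能为空', 'error', $login_url);
        exit;
    }

    // Look the operator up by name; the name is bound, never interpolated.
    $query = "SELECT `aid`,`salt`,`passwd_hash`,`level` FROM `admin` WHERE `operator_name` = :operator_name";
    $sth   = $dbh->prepare($query);
    $sth->bindValue(':operator_name', $admin_username, PDO::PARAM_STR);
    $sth->execute();
    $result = $sth->fetch();

    // fetch() returns false when no row matched; the original indexed into that false.
    // An unknown name and a wrong password get the same message so the response does
    // not reveal which operator names exist.
    if ($result === false || !check_pw($admin_password, $result['salt'], $result['passwd_hash'])) {
        msg_display('密码错误', 'error', $login_url);
        exit;
    }

    // Privilege level changes here, so the session id is replaced before the
    // admin identity is stored (session fixation mitigation).
    session_regenerate_id(true);
    $_SESSION['aid']   = $result['aid'];
    $_SESSION['level'] = $result['level'];
    msg_display('登录成功', 'success', $homePage);
}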